check_typed_item_calls: filter out some false positives

This commit is contained in:
Martin Mathieson 2023-01-29 18:39:20 +00:00
parent 516c69b921
commit 407b707e1f
3 changed files with 53 additions and 7 deletions

View File

@ -8952,14 +8952,14 @@ proto_register_dcerpc_netlogon(void)
#endif
{ &hf_netlogon_neg_flags_40000000,
{ "Authenticated RPC supported", "ntlmssp.neg_flags.na8000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_40000000, NULL, HFILL }},
{ "Authenticated RPC supported", "ntlmssp.neg_flags.na4000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_40000000, NULL, HFILL }},
{ &hf_netlogon_neg_flags_20000000,
{ "Authenticated RPC via lsass supported", "ntlmssp.neg_flags.na8000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_20000000, "rpc via lsass", HFILL }},
{ "Authenticated RPC via lsass supported", "ntlmssp.neg_flags.na2000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_20000000, "rpc via lsass", HFILL }},
#if 0
{ &hf_netlogon_neg_flags_10000000,
{ "Not used 10000000", "ntlmssp.neg_flags.na8000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_10000000, "Not used", HFILL }},
{ "Not used 10000000", "ntlmssp.neg_flags.na1000000", FT_BOOLEAN, 32, TFS(&tfs_set_notset), NETLOGON_FLAG_10000000, "Not used", HFILL }},
#endif
#if 0

View File

@ -2647,7 +2647,7 @@ proto_register_eap(void)
NULL, HFILL }},
{ &hf_eap_tls_outer_tlvs_len, {
"TEAP Outer TLVs Length", "eap.tls.len",
"TEAP Outer TLVs Length", "eap.tls.outer_tlvs_len",
FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL }},

View File

@ -313,6 +313,51 @@ field_widths = {
'FT_INT64' : 64
}
def is_ignored_consecutive_filter(filter):
ignore_patterns = [
re.compile(r'^elf.sh_type'),
re.compile(r'^elf.p_type'),
re.compile(r'^btavrcp.pdu_id'),
re.compile(r'^nstrace.trcdbg.val(\d+)'),
re.compile(r'^netlogon.dummy_string'),
re.compile(r'^opa.reserved'),
re.compile(r'^mpls_pm.timestamp\d\..*'),
re.compile(r'^wassp.data.mu_mac'),
re.compile(r'^thrift.type'),
re.compile(r'^quake2.game.client.command.move.angles'),
re.compile(r'^ipp.enum_value'),
re.compile(r'^idrp.error.subcode'),
re.compile(r'^ftdi-ft.lValue'),
re.compile(r'^6lowpan.src'),
re.compile(r'^couchbase.flex_frame.frame.id'),
re.compile(r'^rtps.param.id'),
re.compile(r'^rtps.locator.port'),
re.compile(r'^sigcomp.udvm.value'),
re.compile(r'^opa.mad.attributemodifier.n'),
re.compile(r'^smb.cmd'),
re.compile(r'^sctp.checksum'),
re.compile(r'^dhcp.option.end'),
re.compile(r'^nfapi.num.bf.vector.bf.value'),
re.compile(r'^dnp3.al.range.abs'),
re.compile(r'^dnp3.al.range.quantity'),
re.compile(r'^dnp3.al.index'),
re.compile(r'^dnp3.al.size'),
re.compile(r'^ftdi-ft.hValue'),
re.compile(r'^homeplug_av.op_attr_cnf.data.sw_sub'),
re.compile(r'^radiotap.he_mu.preamble_puncturing'),
re.compile(r'^ndmp.file'),
re.compile(r'^ocfs2.dlm.lvb'),
re.compile(r'^oran_fh_cus.reserved'),
re.compile(r'^qnet6.kif.msgsend.msg.read.xtypes0-7'),
re.compile(r'^mih.sig_strength')
]
for patt in ignore_patterns:
if patt.match(filter):
return True
return False
# The relevant parts of an hf item. Used as value in dict where hf variable name is key.
class Item:
@ -336,9 +381,10 @@ class Item:
if check_consecutive:
if Item.previousItem and Item.previousItem.filter == filter:
if label != Item.previousItem.label:
print('Warning:', filename, hf, ': - filter "' + filter +
'" appears consecutively - labels are "' + Item.previousItem.label + '" and "' + label + '"')
warnings_found += 1
if not is_ignored_consecutive_filter(self.filter):
print('Warning:', filename, hf, ': - filter "' + filter +
'" appears consecutively - labels are "' + Item.previousItem.label + '" and "' + label + '"')
warnings_found += 1
Item.previousItem = self